
最新の2025年04月 EC-COUNCIL 212-89問題集で更新された170問あります
PDF無料ダウンロードには212-89有効な練習テスト問題
ECIH V2認定試験は、インシデント処理と対応のすべての側面をカバーする包括的な試験です。試験は100の複数選択の質問で構成されており、候補者は試験を完了するのに2時間あります。認定試験はオンラインで入手でき、専門家が世界中のどこからでも試験を受けるのが便利です。この試験は、英語、スペイン語、中国語を含む複数の言語でも利用できます。
ECIH V2認定は、組織内のセキュリティインシデントの検出、対応、および管理を担当する専門家向けに設計されています。これには、インシデントハンドラー、リスク評価管理者、脆弱性評価アナリスト、およびその他のサイバーセキュリティの専門家が含まれます。この認証は、インシデント対応と回復、ネットワークインフラストラクチャとプロトコル、フォレンジック分析など、インシデント処理に関連する幅広いトピックをカバーしています。
質問 # 65
James is a professional hacker and is employed by an organization to exploit their cloud services. In order to achieve this, James created anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is he posing to the cloud platform?
- A. Data breach/loss
- B. Insecure interface and APIs
- C. Insufficient duo diligence
- D. Abuse end nefarious use of cloud services
正解:D
解説:
James's activities, including creating anonymous access to cloud services to carry out attacks such as password and key cracking, hosting malicious data, and conducting DDoS attacks, exemplify the abuse and nefarious use of cloud services. This threat involves exploiting cloud computing resources to conduct malicious activities, which can impact the cloud service provider as well as other users of the cloud services. This abuse ranges from using the cloud platform's resources for computationally intensive tasks like cracking passwords or encryption keys to conducting DDoS attacks that can disrupt services for legitimate users.References:The Incident Handler (ECIH v3) certification emphasizes understanding cloud-specific security challenges, including the abuse of cloud services, and recommends strategies for mitigating such risks, highlighting the need for comprehensive security measures to protect cloud environments.
質問 # 66
Drake is an incident handler in Dark CLoud Inc. He is intended to perform log analysis in order to detect traces of malicious activities within the network infrastructure.
Which of the following tools Drake must employ in order to view logs in real time and identify malware propagation within the network?
- A. Splunk
- B. Hydra
- C. LOIC
- D. HULK
正解:A
解説:
Splunk is a powerful tool for log analysis, capable of collecting, analyzing, and visualizing data from various sources in real time. For an incident handler like Drake, intending to detect traces of malicious activities within the network infrastructure, Splunk can efficiently parse large volumes of log data, enabling the identification of patterns and anomalies that may indicate malware propagation or other security incidents. Its real-time analysis capabilities make it an ideal tool for monitoring network activities and responding to incidents promptly.
質問 # 67
An audit trail policy collects all audit trails such as series of records of computer events, about an operating
system, application or user activities. Which of the following statements is NOT true for an audit trail policy:
- A. It helps calculating intangible losses to the organization due to incident
- B. It helps in compliance to various regulatory laws, rules,and guidelines
- C. It helps tracking individual actions and allows users to be personally accountable for their actions
- D. It helps in reconstructing the events after a problem has occurred
正解:A
質問 # 68
An attacker after performing an attack decided to wipe evidences using artifact wiping techniques to evade forensic investigation. He applied magnetic field to the digital media device, resulting in an entirely clean device of any previously stored data.
Identify the artifact wiping technique used by the attacker.
- A. Disk degaussing/destruction
- B. File wiping utilities
- C. Disk cleaning utilities
- D. Syscall proxying
正解:A
解説:
The technique described, where an attacker applies a magnetic field to a digital media device to clean it of any previously stored data, is known as disk degaussing. Degaussing is a method used to erase a disk or tape by exposing it to a strong magnetic field, destroying the magnetic data storage mechanism and leaving the device clean of any data. This process is effectively used for wiping digital evidence in a way that makes recovery impossible, serving as a method of anti-forensics. Unlike file wiping utilities or disk cleaning utilities, which overwrite or delete data (potentially leaving traces that can be recovered), degaussing physically alters the storage medium itself, making data recovery unfeasible.References:The ECIH v3 certification program discusses various artifact wiping techniques, including degaussing, as part of understanding anti-forensic methods that attackers use to evade detection and investigation.
質問 # 69
Which one of the following is the correct sequence of flow of the stages in an incident response:
- A. Containment - Identification - Preparation - Recovery - Follow-up - Eradication
- B. Identification - Preparation - Containment - Recovery - Follow-up - Eradication
- C. Eradication - Containment - Identification - Preparation - Recovery - Follow-up
- D. Preparation - Identification - Containment - Eradication - Recovery - Follow-upà
正解:D
質問 # 70
Shall y, an incident handler, is working for a company named Texas Pvt.Ltd.based in Florida. She was asked to work on an incident response plan. As part of the plan, she decided to enhance and improve the security infrastructure of the enterprise. She has incorporated a security strategy that allows security professionals to use several protection layers throughout their information system. Due to multiple layer protection, this security strategy assists in preventing direct attacks against the organization's information system as a break in one layer only leads the attacker to the next layer.
Identify the security strategy Shall y has incorporated in the incident response plan.
- A. Three-way handshake
- B. Exponential back off algorithm
- C. Covert channels
- D. Defense-in-depth
正解:D
質問 # 71
Which of the following might be an insider threat?
- A. Business partners
- B. All of these
- C. Disgruntled system administrators
- D. Current employee
正解:B
質問 # 72
Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of an IRT?
- A. Links the groups that are affected by the incidents, such as legal, human resources, different business areas and management
- B. Focuses on the incident and handles it from management and technical point of view
- C. Links the appropriate technology to the incident to ensure that the foundation's offices are returned to normal operations as quickly as possible
- D. Applies the appropriate technology and tries to eradicate and recover from the incident
正解:A
質問 # 73
Which of the following is host-based evidence?
- A. The date and time of the PC
- B. Wiretaps
- C. IDS logs
- D. Router logs
正解:A
質問 # 74
Clark, a professional hacker, exploited the web application of a target organization by tampering the form and parameter values. He successfully exploited the web application and gained access to the information assets of the organization.
Identify the vulnerability in the web application exploited by the attacker.
- A. SQL injection
- B. Security misconfiguration
- C. Broken access control
- D. Sensitive data exposure
正解:C
質問 # 75
Which of the following techniques prevent or mislead incident-handling processes and may also affect the collection, preservation, and identification phases of the forensic investigation process?
- A. Scanning
- B. Anti-forensics
- C. Enumeration
- D. Foot printing
正解:B
質問 # 76
Bob, an incident responder at CyberTech Solutions, is investigating a cybercrime attack that occurred in the client company. He acquired the evidence data, preserved it, and started performing analysis on the acquired evidentiary data to identify the source of the crime and the culprit behind the incident. Identify the forensic investigation phase in which Bob is currently in.
- A. Pre-investigation phase
- B. Post-investigation phase
- C. Vulnerability assessment phase
- D. Investigation phase
正解:D
質問 # 77
Which of the following tools helps incident responders effectively contain a potential cloud security incident and gather required forensic evidence?
- A. Alert Logic
- B. Qualys Cloud Platform
- C. CloudPassage Quarantine
- D. Cloud Passage Halo
正解:A
質問 # 78
Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket submitted regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he performed incident analysis and validation to check whether the incident is a genuine incident or a false positive.
Identify the stage he is currently in.
- A. Incident disclosure
- B. Post-incident activities
- C. Incident recording and assignment
- D. Incident triage
正解:D
解説:
Incident triage is the stage in the incident response process where the incident handler, like Mike, performs an initial assessment of the reported incident to determine its validity, severity, and potential impact. This includes analyzing the incident to verify if it is a genuine threat or a false positive. The purpose of incident triage is to prioritize incidents based on their criticality and ensure that resources are allocated effectively to address the most serious threats first. This stage is crucial for efficient incident management, as it helps in filtering out false alarms and focusing on real security incidents that require immediate attention.References:The ECIH v3 curriculum covers the incident response lifecycle, including the importance of incident triage as a key step in ensuring that incident handling efforts are focused on genuine security incidents, thereby optimizing the response process.
質問 # 79
Jacob is an employee at a firm called Dolphin Investment. While he was on duty, he identified that his computer was facing some problems, and he wanted to convey the issue to the concerned authority in his organization. However, this organization currently does not have a ticketing system to address such types of issues. In the above scenario, which of the following ticketing systems can be employed by Dolphin Investment to allow Jacob to inform the concerned team about the incident?
- A. MISP
- B. ManageEngine ServiceDesk Plus
- C. IBM XForco Exchange
- D. ThreatConnect
正解:B
解説:
In the scenario where Dolphin Investment needs to implement a ticketing system for employees like Jacob to report IT-related issues, ManageEngine ServiceDesk Plus is the most suitable option among the choices provided. ManageEngine ServiceDesk Plus is a comprehensive IT help desk software that facilitates issue tracking, incident management, and efficient resolution of IT-related problems and requests. It enables users to submit tickets through various channels, including email, web portal, phone, or chat, and allows IT support teams to manage these tickets through a centralized platform. This system is designed to streamline the process of reporting, tracking, and resolving IT issues and incidents, making it an ideal solution for organizations looking to establish a formalized incident reporting and resolution process. Other options like IBM X-Force Exchange, ThreatConnect, and MISP focus more on threat intelligence sharing and security incident analysis rather than functioning as an IT help desk or ticketing system.References:Incident Handler (ECIH v3) courses and study guides often discuss the importance of having an effective incident reporting and management system in place, and ManageEngine ServiceDesk Plus is frequently cited as a practical solution for organizations seeking to implement such a system.
質問 # 80
An estimation of the expected losses after an incident helps organization in prioritizing and formulating their
incident response. The cost of an incident can be categorized as a tangible and intangible cost. Identify the
tangible cost associated with virus outbreak?
- A. Loss of goodwill
- B. Psychological damage
- C. Damage to corporate reputation
- D. Lost productivity damage
正解:D
質問 # 81
Mr.Smith is a lead incident responder of a small financial enterprise, which has a few branches in Australia. Recently, the company suffered a massive attack, losing$5M through an inter-banking system After an in-depth investigation, it was found that the incident occurred because the attackers penetrated the network through a minor vulnerability 6 months ago and maintained access without being detected by any user. They then tried to delete user fingerprints and performed a lateral movement to the computer of a person with privileges in the inter-banking system. The attackers finally gained access and performed fraudulent transactions.
In the above scenario, which of the following most accurately describes the type of attack?
- A. APT attack
- B. Phishing
- C. Denial-of-service attack
- D. Ransom ware attack
正解:A
質問 # 82
The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs is called:
- A. Stinger
- B. Tripwire
- C. F-Secure Anti-virus
- D. HijackThis
正解:D
質問 # 83
Which of the following is not a countermeasure to eradicate cloud security incidents?
- A. Remove the malware files and traces from the affected components
- B. Patch the database vulnerabilities and improve the isolation mechanism
- C. Check for data protection at both design and runtime
- D. Disable security options such as two factor authentication and CAPTCHA
正解:D
解説:
Disabling security options such as two-factor authentication (2FA) and CAPTCHA is not a countermeasure to eradicate cloud security incidents. In fact, it is contrary to best security practices. 2FA adds an additional layer of security by requiring two forms of verification before granting access to an account or system. CAPTCHA helps prevent automated attacks by ensuring that the entity accessing the service is human. Both are important security measures that protect against unauthorized access and automated attacks, thereby enhancing cloud security.
質問 # 84
......
EC-COUNCIL 212-89 認定試験は、インシデントハンドリングとレスポンスの分野での知識とスキルをテストすることを意図しています。インシデント管理、リスク評価、脆弱性評価、インシデント報告、レスポンス手順など、さまざまなトピックをカバーしています。試験は、セキュリティ侵害が発生した場合の組織の法的義務を含む、インシデントハンドリングとレスポンスの法的および規制上の側面にも焦点を当てています。
212-89テストエンジンお試しセット、212-89問題集PDF:https://jp.fast2test.com/212-89-premium-file.html
最新のEC-COUNCIL 212-89PDFと問題集で(2025)無料試験問題解答はここ:https://drive.google.com/open?id=1FHxOrD3-kdjxlb0X8szGI_uSMEU9LGO8